Correct. And you’ll need a route from private subnets to the NAT gateway. A useful link: https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/networking-outbound.html
To allow EC2 instances in a private subnet to access the internet, the common approach is to route their traffic through a NAT Gateway. Here's how it typically works:

NAT Gateway in Public Subnet: You deploy a NAT Gateway in a public subnet, which has a route to the internet through an Internet Gateway (IGW).

Elastic IP (EIP): The NAT Gateway requires an Elastic IP (EIP) to provide a static public IP address for outbound internet traffic. The EIP is automatically assigned to the NAT Gateway during creation.

You can refer to this AWS documentation: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html

Hope it clarifies, and if it does I would appreciate the answer being accepted so that the community can benefit from the clarity, thanks ;)
You should have both.
The route table of the private subnet where the EC2 instances are located should have the NAT gateway in the public subnet as the next hop.
The route table of the public subnet where the NAT gateway is located should have the internet gateway as the next hop.
The NAT gateway should also have an elastic IP attached to it which is the IP that will be seen by the internet (the internet gateway by itself doesn't hold a public IP).
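The three conditions listed in the answers above (private subnet default route to the NAT gateway, NAT subnet default route to the internet gateway, Elastic IP on the NAT gateway) can be checked mechanically. The following is an added example, not code from any of the posts: the function names are hypothetical, the input dicts follow the shape of the EC2 DescribeRouteTables and DescribeNatGateways responses, all IDs and addresses are constructed sample values, and a single VPC is assumed.

```python
# Added example: audit the outbound path private subnet -> NAT gateway -> IGW.
# Sample IDs and the 203.0.113.10 address are constructed; one VPC is assumed.

def default_route(route_tables, subnet_id):
    """Return the 0.0.0.0/0 route of the table serving subnet_id, or None."""
    explicit = main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                explicit = rt
            elif assoc.get("Main"):
                main = rt
    table = explicit or main  # no explicit association: the main table applies
    for route in (table or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route
    return None

def audit_outbound_path(route_tables, nat_gateways, private_subnet_id):
    """Return a list of findings; an empty list means the path is complete."""
    route = default_route(route_tables, private_subnet_id)
    nat_id = (route or {}).get("NatGatewayId")
    if not nat_id:
        return [f"{private_subnet_id}: no default route to a NAT gateway"]
    nat = next((n for n in nat_gateways if n["NatGatewayId"] == nat_id), None)
    if nat is None or nat.get("State") != "available":
        return [f"{nat_id}: NAT gateway missing or not available"]
    findings = []
    if not any(a.get("PublicIp") for a in nat.get("NatGatewayAddresses", [])):
        findings.append(f"{nat_id}: no Elastic IP attached")
    nat_route = default_route(route_tables, nat["SubnetId"])
    if not (nat_route or {}).get("GatewayId", "").startswith("igw-"):
        findings.append(f"{nat['SubnetId']}: NAT subnet has no default route to an internet gateway")
    return findings

SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]
SAMPLE_NAT_GATEWAYS = [
    {"NatGatewayId": "nat-example", "SubnetId": "subnet-public", "State": "available",
     "NatGatewayAddresses": [{"AllocationId": "eipalloc-example", "PublicIp": "203.0.113.10"}]},
]

if __name__ == "__main__":
    print(audit_outbound_path(SAMPLE_ROUTE_TABLES, SAMPLE_NAT_GATEWAYS, "subnet-private"))
```

With live data, the two input lists would be the `RouteTables` and `NatGateways` arrays returned by those two API calls.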